CVE-2015-8258
published 2017-04-10


Priority: P357 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 8.76% (94.5th percentile)

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

Affected

1 range

Vendor | Product | Version range | Fixed in
axis | axis_communications_firmware | <= 5.80.3 |

Detection & IOCs (extracted from sources)

path: /view/view.shtml
  • Monitor HTTP requests to /view/view.shtml containing an 'imagePath' parameter with an external URL (http/https scheme pointing off-device), which indicates resource injection via the imagePath parameter.
  • Alert on access to the Open Script Editor path ('System Options' -> 'Advanced' -> 'Scripting') from unexpected or external source IPs, as it allows editing any file as root.
  • Detect AXIS device login attempts using default credentials, as exploitation of the Open Script Editor requires admin authentication which is trivially obtained on devices with default passwords.
  • The resource injection vulnerability was reportedly fixed in firmware 5.60, but was confirmed still present in 5.80.x across various product models; do not assume patched status based solely on version 5.60+.
  • The Open Script Editor is restricted to authenticated admins, but weak/default password policies mean this is not an effective barrier in practice.
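
The first detection bullet above, as an added example (not code from the original page or from the vendor): a Python filter over access-log lines that flags requests to /view/view.shtml whose imagePath value points off-device. The Common Log Format input, the sample lines, the host names and the device address 192.0.2.10 are constructed assumptions; treating percent-encoded and scheme-relative values as external goes slightly beyond the bullet's wording.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: access-log lines in Common Log Format, source address first.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
WATCHED_PATH = "/view/view.shtml"  # path named on this page
WATCHED_PARAM = "imagepath"        # parameter named on this page, compared lowercased


def external_image_path(target, device_hosts):
    """Return the off-device URL carried in imagePath, or None."""
    parts = urlsplit(target)
    if parts.path.lower() != WATCHED_PATH:
        return None
    # parse_qs percent-decodes values, so http%3A%2F%2F... is caught as well.
    values = [v for k, vs in parse_qs(parts.query).items() if k.lower() == WATCHED_PARAM for v in vs]
    for value in values:
        ref = urlsplit(value.strip())
        host = (ref.hostname or "").lower()
        # http(s) URLs and scheme-relative //host/... both point off the device.
        remote = ref.scheme.lower() in ("http", "https") or (not ref.scheme and ref.netloc)
        if remote and host not in device_hosts:
            return value
    return None


def scan(lines, device_hosts):
    """Return (source_address, url) for every line with an off-device imagePath."""
    hosts = {h.lower() for h in device_hosts}
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        try:
            url = external_image_path(m["target"], hosts)
        except ValueError:  # unparseable URL: keep it for review if it names the watched path
            url = m["target"] if WATCHED_PATH in m["target"].lower() else None
        if url:
            hits.append((m["src"], url))
    return hits


# Constructed sample lines (documentation addresses, hypothetical host names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2017:09:12:01 +0000] "GET /view/view.shtml?imagePath=/img/live.jpg HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2017:09:12:44 +0000] "GET /view/view.shtml?imagePath=http%3A%2F%2Fcollector.example%2Fx.png HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2017:09:13:02 +0000] "GET /view/view.shtml?imagepath=//collector.example/x.png&size=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Apr/2017:09:14:30 +0000] "GET /view/view.shtml?imagePath=http://192.0.2.10/img/live.jpg HTTP/1.1" 200 512',
]
```

Pass the device's own addresses and host names as `device_hosts`, for example `scan(SAMPLE_LOG, {"192.0.2.10"})`, so that references back to the camera itself are not reported.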

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N